Hello,
There was a bug with the latest glibc update that went out for SL5.
https://bugzilla.redhat.com/show_bug.cgi?id=693882
It causes evolution to fail, and the gnome panel to crash.

As far as we know, this bug doesn't affect any non-graphical environment, so servers should be safe.

We have created a glibc with two changes taken out that fix the bug. The problem is that it removes one of the security patches.

*Security Update Removed* CVE-2011-0536
The fix for CVE-2010-3847 introduced a regression in the way the dynamic loader expanded the $ORIGIN dynamic string token specified in the RPATH and RUNPATH entries in the ELF library header. A local attacker could use this flaw to escalate their privileges via a setuid or setgid program using such a library.

*Security Updates Still Applied*
CVE-2011-1095, CVE-2011-1071, CVE-2010-0296

This fix is for those admins who had to downgrade their glibc due to evolution and/or gnome-panel crashing. We feel it is better for them to have three security patches, rather than none.

We do not plan on pushing this out; we are waiting for a fix from TUV.

To test or update

SL5
-------

            yum --enablerepo=sl-testing update glibc\*

or you can download RPMs by hand at

http://ftp.scientificlinux.org/linux/scientific/5rolling/testing/i386/glibc/
http://ftp.scientificlinux.org/linux/scientific/5rolling/testing/x86_64/glibc/

glibc-2.5-58.el5_6.2.6.sl5

Thanks
Troy Dawson
--
__________________________________________________
Troy Dawson  [email protected]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
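
An audit sketch for hosts running the build without the CVE-2011-0536 fix (added example, not part of the original message): it filters `readelf -d` output for RPATH/RUNPATH entries that contain `$ORIGIN`, the token named in the advisory text above. The function names and the sample dynamic section are constructed for illustration; `audit_elf` assumes `readelf` from binutils is installed.

```shell
#!/bin/sh
# Added example: report RPATH/RUNPATH entries that use $ORIGIN.

# Read `readelf -d` output on stdin; print "TAG path" for every RPATH or
# RUNPATH entry whose value contains $ORIGIN or ${ORIGIN}.
origin_entries() {
    awk '
        ($2 == "(RPATH)" || $2 == "(RUNPATH)") &&
        (index($0, "$ORIGIN") || index($0, "${ORIGIN}")) {
            tag = $2
            gsub(/[()]/, "", tag)            # "(RPATH)" -> "RPATH"
            path = substr($0, index($0, "[") + 1)
            sub(/\][ \t]*$/, "", path)       # strip the closing bracket
            print tag, path
        }'
}

# Check real ELF files given as arguments, prefixing each hit with the file.
audit_elf() {
    for f in "$@"; do
        readelf -d "$f" 2>/dev/null | origin_entries |
            while read -r line; do printf '%s: %s\n' "$f" "$line"; done
    done
}

# Setuid/setgid files on the root filesystem, the programs the advisory
# text is about. Feed these and the libraries they load to audit_elf.
list_setid() {
    find / -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Constructed sample of `readelf -d` output (not taken from a real host).
sample_dynamic() {
cat <<'EOF'
Dynamic section at offset 0x2e08 contains 26 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [$ORIGIN/../lib]
 0x000000000000001d (RUNPATH)            Library runpath: [/opt/app/lib:${ORIGIN}/plugins]
 0x000000000000000e (SONAME)             Library soname: [libexample.so.1]
EOF
}

sample_dynamic | origin_entries
```

An empty result only means no scanned file uses `$ORIGIN` in those entries; it does not replace installing the fixed glibc once it is available.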
